<moderator on>
Moved this thread from Linux Mint "Main Edition - Newbie Questions" to "Open Chat", because
+ the alledged WPA2 breach is not a Linux Mint problem only
+ but a problem affecting any operating system which uses wireless connections, e.g. Linux, MacOS, Windows, Andoid, IOS
+ there is no better sub-forum to discuss the topic</moderator off>

Old bugs good, new bugs bad! Updates are evil: might fix old bugs and introduce no new ones.

Fabio7891 wrote:Now should they develop a new standard of connection ?

Not necessarily/immediately. From the description:

When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.

This would be saying that software-fixes are possible in the sense of not allowing key re-installation. Certainly wrt. the specific mentioned Android/Linux extra vulnerability, by not allowing an all-zero key; this latter part will no doubt be the first fix/mitigation we see; completely disallowing reinstallation might be a higher impact issue.

As far as I can see, not yet. The debian security advisory, http://seclists.org/bugtraq/2017/Oct/25, has a date of today (16-10-2017) and will given the amount of press this thing is generating very likely make it down to Ubuntu and then Mint within the day. But for now I believe you're vulnerable.

If the home router is patched are all unpatched WiFi devices connecting to it via WPA2 not vulnerable to this?
If say a WiFi printer isn't patched long term but the router is, can the printer data or connect password be monitored?

earthlingkc wrote:If the home router is patched are all unpatched WiFi devices connecting to it via WPA2 not vulnerable to this?

They would still be vulnerable; this is a client-side issue; a (legitimate) router isn't in fact involved -- which is a blessing, since certainly many older and cheaper routers would not be getting updates.

It is explained at https://www.krackattacks.com/. The issue requires an untrustworthy Wi-Fi network (which may as in the supplied video be a cloned copy of a trustworthy one; i.e., not something you'd necessarily immediately notice) to replay a step of the WPA2 protocol handshake to the victim-client, causing it to re-install the encryption key for the connection. This is an important security issue on any platform but not yet (all of) the problem in itself; for details, read the bit directly under the "Practical impact" header. On Android and Linux the issue is however made worse by the possibility to trick clients to make that re-installed encryption key be an all-zero key; to effectively disable WPA2 encryption. To, hence, cause the connection to be easily monitored.

So, router no. A printer is a client and it's indeed conceivable someone could trick it onto an untrustworthy/cloned Wi-Fi network and monitor or forge its communication.

If you haven't yet applied all available security upgrades in Update Manager, do so now.

The affected packages are hostapd and wpasupplicant. Both come from the upstream package wpa so Update Manager conveniently shows you these as one upgrade under the name "wpa". But if you want to check your installed package versions, you need those first two package names. Mind that hostapd isn't installed by default so it may not be present on your system.

For Linux Mint 18.x you need version 2.4-0ubuntu6.2 or newer.
For Linux Mint 17.x you need version 2.1-0ubuntu1.5 or newer.
For LMDE 2 you need version 2.3-1+deb8u5 or newer.

Ideally, yes home routers are also patched, but the krackattacks folks had this to say about it:

What if there are no security updates for my router?

Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.

rene wrote:A printer is a client and it's indeed conceivable someone could trick it onto an untrustworthy/cloned Wi-Fi network and monitor or forge its communication.

This would surely cause the printer to disappear from the genuine network? It would at least, hopefully, be spotted by the users on that network. Hopefully, even if this results in login credentials being obtained from the printer, using MAC address filtering should be enough to prevent the average miscreant from accessing your home network.

A mate of mine recently had a printout which definitely didn't come from any of his (or my) devices .. photo of some lady he didn't recognize. I was there when it happened. One reason my printer is on ethernet but it IS accessible via the router using WiFi.